RESET Forums (homeservershow.com)
Just Checking

Link Aggregation/Trunking - Managed Switch Choice


ikon

Yikes! That is scary. Have you communicated your fears and displeasure to CenturyLink management? It sounds like a really good reason to set up your own router.

  • Like 1

Just Checking

Yikes! That is scary. Have you communicated your fears and displeasure to CenturyLink management? It sounds like a really good reason to set up your own router.

Yes.  The more I learn about networking, the more troubled I am that my personal and company files are an open book.  My wife thinks I am paranoid but, like they say, "Are you paranoid when people are really out to get you?"  If my ISP has access to my network automatically, so does almost anyone else.

ikon

The answer to your 1st question is, "No, you are not paranoid if people are really out to get you." The very definition of paranoia is that you believe people are out to get you when they aren't. :)

I'm not sure you're quite as vulnerable as you say. True, people at your ISP can see your LAN, and that, IMHO, is unconscionable. However, it doesn't mean people from anywhere on the internet can get to your LAN. For one thing, you have NAT working in your favour with regard to people who don't use your ISP. 'Course, that doesn't mean other CenturyLink customers are necessarily prevented from seeing your network.

I would be moving to tighten up security at the edge of your LAN -- having your own router sounds like a good place to start. BTW, if CenturyLink won't tell you how to configure your modem-router as a bridge you have several other possible options:

  1. search the Internet for ways to get around CenturyLink's uncooperativeness;
  2. see if it's possible for you to change the login credentials of the modem-router;
  3. set up an Untangle or pfSense router between your ISP and your LAN.
  • Like 1

jem101

Well if CenturyLink provide a fully remote-managed modem/router and they have full administrative access to it, then they will have access to inspect traffic on the LAN (your) side of the connection. The DHCP tables (if on the router) will tell them the number of devices you have, the NAT tables will tell them what each is connecting to, the names will come from NETBIOS or DNS and so on.

As Ikon says the best thing is to have your own router which will sit between your network (LAN) and the ISP's network, the WAN side. Ideally you should get the supplied router to be in modem-only mode (or whatever they call it), but being on the other side of the Atlantic, I'm not familiar with this ISP or what they supply or how configurable it is, connect it to the WAN side of your own router and that'll block their access to everything beyond their own equipment.

Of course if they won't tell you how to do it or if indeed it isn't possible then one option would be to still have your own router (be it a hardware device or a software based solution) in between but then you will need to deal with the issues of double-natting (not really a problem unless you want to access your network/servers from outside) and the CenturyLink router will still be sitting there providing an unwanted bit of extra overhead in your connection.

Still nothing which can't be overcome, I'm sure there'll be no shortage of help and advice here.

John 
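
A check for the bridge-mode and double-NAT situations discussed above, added here as an example and not part of any post in the thread: it classifies the IPv4 address your own router reports on its WAN port and flags a LAN subnet that collides with the ISP device's subnet. The function names `classify_wan` and `audit` and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan):
    """Classify the IPv4 address (optionally with /prefix) on your router's WAN port."""
    ip = ipaddress.ip_interface(wan).ip
    if ip.is_unspecified or ip.is_link_local or ip.is_loopback:
        return "no-uplink"        # no DHCP lease or PPPoE session yet
    if any(ip in net for net in RFC1918):
        return "double-nat"       # ISP device is still routing and doing NAT
    if ip in CGNAT:
        return "carrier-nat"      # NAT happens inside the ISP network
    return "public"               # consistent with a bridged modem


def audit(wan, lan):
    """Return findings for a WAN interface address and the LAN subnet behind it."""
    findings = []
    wan_if = ipaddress.ip_interface(wan)
    lan_net = ipaddress.ip_network(lan, strict=False)
    kind = classify_wan(wan)
    if kind == "double-nat":
        findings.append("WAN address is private: ISP modem-router is not bridged")
        if wan_if.network.overlaps(lan_net):
            findings.append("LAN subnet overlaps the ISP device's subnet: renumber the LAN")
    elif kind == "carrier-nat":
        findings.append("WAN address is in 100.64.0.0/10: the ISP applies NAT upstream")
    elif kind == "no-uplink":
        findings.append("WAN interface has no usable address: check PPPoE credentials")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for wan, lan in [("192.168.0.2/24", "192.168.0.0/24"),
                     ("192.168.0.2/24", "192.168.1.0/24"),
                     ("203.0.113.7/32", "192.168.1.0/24")]:
        print(wan, lan, classify_wan(wan), audit(wan, lan))
```
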

Andne

I have CenturyLink and have always had my modem in bridge mode.  I had an Actiontec M1000 for a while, which is the default one they like to give you, but after frying one (it died after many years of use), I ended up replacing it with a NetGear DSL modem.  The NetGear is also in bridge mode, and once I got the right virtual circuit numbers from CenturyLink, it works just fine for me.  On both modems, I enabled bridge mode via the web interface, and then needed to configure the router behind it for PPPoE and enter the credentials provided by CenturyLink.  I use an atom-based box running pfSense for my router and then have some NetGear switches behind that to connect all of my devices together.  It seems to work pretty well for me, and I am able to access the remote access webpage with no problems.

ikon

Great info Andne. So, it would seem CenturyLink is much the same as most ISPs and it is possible to have the router/modem in bridge mode. That's great news. Just Checking, it seems things are looking up for you.

Just Checking

I have an Actiontec C1000A DSL Modem/Router/AP from CenturyLink.  That is the only one that CenturyLink supports which they say is able to handle the 40 Download/20 Upload speeds of my internet connection and potentially VOIP.  I rent the device because I was not sure I wanted it.  I have tried to find just a DSL modem which will handle the connection speeds but have not found any at under US$100 which have the specifications to do so. I will have to look at Netgear DSL Modems.

I do have several discrete gigabit routers/wireless AP's (ASUS RT-N66U, Buffalo WZR-1750AC, & DLink 825).  They all worked great as routers when I just had cable services and a Dlink modem.   When I switched to DSL for the uplink speed and got this Actiontec C1000A device, I had to convert my routers to AP's because of NAT conflicts like jem101 stated.  The documentation from Actiontec is non-existent and CenturyLink is just as bad.  I called the Tech Support lines several times and even the upper levels are just uneducated people working off script based action trees.  I was never able to reach anyone who knew enough about the Actiontec C1000A to be able to give any technical support.   The firmware in the C1000A is a really dumbed down DDWRT version which has almost no customization capabilities.   Another reason why I rent the thing instead of buying it.

I have a reasonable amount of equipment.   From the previous posts, this is what I think I should do.

1. Contact CenturyLink Tech Support and insist that I get someone who can tell me the procedure to disable the router function of the C1000A.

2. Connect the Actiontec C1000A to one of my own routers.  I would probably use the Buffalo WZR-1750AC because it is the most finicky (it either likes to be the router or it will be a totally dumb AP that cannot be accessed for updates by a web browser).  The ASUS RT-N66U has the most versatile browser based firmware and is easily configurable while in router, AP, or bridge mode.

3. Configure the chosen router for PPPoE.

I have CenturyLink and have always had my modem in bridge mode.  I had an Actiontec M1000 for a while, which is the default one they like to give you, but after frying one (it died after many years of use), I ended up replacing it with a NetGear DSL modem.  The NetGear is also in bridge mode, and once I got the right virtual circuit numbers from CenturyLink, it works just fine for me.  On both modems, I enabled bridge mode via the web interface, and then needed to configure the router behind it for PPPoE and enter the credentials provided by CenturyLink.  I use an atom-based box running pfSense for my router and then have some NetGear switches behind that to connect all of my devices together.  It seems to work pretty well for me, and I am able to access the remote access webpage with no problems.

I am not sure what "virtual circuit numbers" means in this instance.   Here is the Wiki on this:

http://en.wikipedia.org/wiki/Virtual_circuit

I think what Andne means is that I should ask the ISP to set up a permanent TCP IP address for the modem and then set up my router to put all devices on constant TCP IP addresses also.   If my interpretation is not correct, I need further explanation of this.

Since I already have hardware routers, is it worth it to use a software router like Untangle or pfSense?  I have no experience with those but my reading says that they are more difficult to set up and require the server, or other computer to use CPU cycles to run.   They also have better control of the firewall.   I seem to remember previous threads here discussing them and I will do a little research before going further with that.

ikon

If you have PPPoE, all you should need is the ID and password for your account. CenturyLink should then automatically issue a dynamic IP to your router. You should not need a static IP. In fact, many ISPs will not even issue them to anyone unless they have a business account.

The only 'trick' I see in what you want to do is getting the modem-router into bridge mode.

IMHO, the software routers are worth it. They do require a computer to run on (I much prefer my router to have its own hardware, but it can be done in a VM), but I believe they are more reliable, more robust, and have more configuration capabilities.

Just Checking

I don't know your ZIP code, so I had to fake it (I used one for Cedar Rapids, IA) and got this page on CenturyLink's site that describes how to turn on Transparent Bridging on a C1000A: http://internethelp.centurylink.com/internethelp/modem-c1000a-adv-bridging-q.html

Thanks for the link.   I could not find that before.

I contacted CenturyLink Tech Support and, after being cut off several times, as is normal, I spoke to a representative who went into the script that is on the web site.

I am now trying to recontact them regarding the PPP user name and password since I want to reset to another one but it will not let me.   Tech Support is very poor.
